Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Gabriel Requito on December 02, 2002, 03:08:31 AM

Title: Network Tunnel Over the Internet
Post by: Gabriel Requito on December 02, 2002, 03:08:31 AM

Hello everyone,

I am searching the forums for an answer to my problem, but after many hours of reading and testing some things I am more confused than I was in the beginning.
I am administering 3 LAN´s at 3 different locations. I have one SME 5.5 Server and Gateway in each LAN and I intend to connect the 3 LAN´s in order to have one BIG LAN with every servers and every PC´s, so they can see each other.
I’ve installed IPSec VPN on every servers and configured one as server and the other two as clients, but I can’t understand how to configure. I’ve followed the manual at http://myezserver.com/download/mitel/contrib/freeswan-0.4-howto.html, but I can’t put it to work properly, so I decided to ask for help, because I don’t understand a lot of Linux, but from the few I know, I know it’s better and more stable than windows.
My questions are:

1º. My 3 LAN’s are 192.168.0.x. I must change that so every LAN has it’s own IP network (192.168.0.x – 192.168.1.x – 192.168.2.x) right?
   (I’ve done that and didn’t work out)
2º. Is IPSec VPN the right choice?
3º. How do I have to configure the 3 SME boxes?

Hope that someone can help, because I’m getting very frustrated with this and by boss every day ask me for results…

Thank’s in advance

Best Regards
Gabriel Requito

Title: Re: Network Tunnel Over the Internet
Post by: Terry Brummell on December 02, 2002, 01:31:03 PM

This may not be what you want to hear, but, if you purchased Service Link from an autorized dealer your IPSec VPN would be setup just by a couple of mouse clicks in the admin page.  Maybe your boss would purchase it...

Terry

Title: Re: Network Tunnel Over the Internet
Post by: Michael Smith on December 03, 2002, 05:26:18 AM

You'll need at least TWO IPSec VPN networks set up on the "server" machine ... one for each client.  I don't know if the two client machines would need an independent VPN between themselves.  That is, I know you NEED A-B and A-C but I don't know if you need B-C.

You configured your subnets OK but I suspect you didn't get it right somewhere else.  Get ONE of the VPNs working, then work on the rest.  It's completely sensitive to exact configuration ... if you don't copy the keys correctly, or if you don't get the gateway or router info correctly, or if you don't add the local network correctly ... forget it.

Again, try to get ONE working then see.

Or, as was suggested, ante up for ServiceLink and leave the worries to Mitel.  Especially as the boss is leaning on you!

Since you're using 5.5, why not try

http://myezserver.com/downloads/mitel/contrib/freeswan-sme55/

instead of the older version?